
Google+ Sign-In extends the Google+ social network into third-party websites, desktop applications and mobile apps, and further cements Google's position as an identity provider alongside others such as Twitter and Facebook. The new service, announced on February 26th, provides features for authentication, authorization and activity sharing. There is additional support for user engagement, hangouts and automatic Android app downloads.

While discussion of the new service has been dominated by a perceived rivalry with Facebook, from a technical perspective it's useful to look under the covers at the Google+ API to see how the new features work and understand some of the standards that are being put to use.

A simple [g+ | Sign In] button provides the entry point into a third-party web page, desktop or mobile application. This kicks off a process that starts with the application requesting an access token for the user's Google+ profile. The orchestration is accomplished either in the web browser via the client-side flow, or via back-end API operations using the server-side flow. If the user hasn't already authenticated with Google+, authentication is executed as part of the sign-in. The user is also prompted for the level of access they wish to grant to the third-party application. Access levels, or scopes, can include:

userinfo.email: provides only the user's email address

plus.me: provides the user's Google+ profile information

plus.login: extends the other scopes by allowing access to circles and the ability to write activities to the user's Google+ activity stream

This access orchestration is a combination of authentication and authorization that follows the OpenID Connect draft standard, which itself is based on the recently ratified OAuth 2 protocol. Authentication is handled completely within Google's authentication system and does not involve the third-party application. OpenID Connect layers authentication over the OAuth authorization protocol, effectively authenticating the user to the third-party application by granting access to the user's Google+ profile. Nat Sakimura, Chair of the OpenID Foundation and a co-author of OpenID Connect, provides a good description of the difference between OpenID, OAuth and OpenID Connect and how applications use services like Google+ Sign-In to verify the identity of a user requesting access.

Users can review their application authorizations using their App settings page where they may revoke access or change their sharing settings.

The third-party application may now use its access token to manage in-application activities within the Google+ API. Google refers to these activities as "Moments" and the Google+ API provides a simple CRUD interface to insert, list and delete moments. Moments come in different flavours, called ActivityTypes. All activities have a name, description and thumbnail, plus an itemtype which is the subject of the activity. Itemtype must be a sub-type of a schema.org "Thing", for example a Book, Place or Person. In addition, items must have a URL reference to an HTML page containing schema.org markup for the relevant item. In this way, Google+ integration encourages the development of a "semantic web" of structured markup which is also useful to search engines. The list of activities is quite comprehensive:

AddActivity: is a generic activity with itemtype, name, description and thumbnail.

BuyActivity: represents the purchase of an item.

CheckinActivity: represents a user checking in from a place and carries additional attributes for address and geolocation.

CommentActivity: is appropriate when a user comments on a blog post, book or other creative work.

CreateActivity: for when a user creates a creative work.

DiscoverActivity: for when a user discovers a creative work.

ListenActivity: represents a user listening to a musical recording and provides additional attributes for song, album and artist metadata.

ReserveActivity: signifies the user making a reservation at a local business such as a restaurant or hotel.

ReviewActivity: is a review of an item along with rating information.

WantActivity: indicates that a user wants an item, for example if they add the item to a wishlist in the application.

The representation and dissemination of these moments into Google+ activity streams is all handled by Google+ based on the user's authorization settings.
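As an added example of the moment structure described above (not Google's client library or its exact wire format), the following builds a moment from one of the listed activity types and a schema.org item, enforces the type-specific attributes the article mentions, and renders the microdata snippet that the item's HTML page must carry. The request field names (`target`, `details`) and the activity-type URL prefix are assumptions for illustration; the activity type names are the ones from the article.

```python
"""Building a Google+ "moment" and the schema.org item page it points at
(added example, not Google's client library). The request field names and the
activity-type URL prefix are assumptions for illustration."""
import html

# Activity types listed in the article.
ACTIVITY_TYPES = {
    "AddActivity", "BuyActivity", "CheckinActivity", "CommentActivity",
    "CreateActivity", "DiscoverActivity", "ListenActivity", "ReserveActivity",
    "ReviewActivity", "WantActivity",
}
# Extra attributes the article says some activity types carry.
REQUIRED_EXTRAS = {
    "CheckinActivity": ("address", "geo"),
    "ListenActivity": ("song", "album", "artist"),
    "ReviewActivity": ("rating",),
}
SCHEMA_ORG = "http://schema.org/"
ACTIVITY_PREFIX = "http://activity-types.example/"  # assumed; the real prefix is in the API docs


def make_item(item_type: str, name: str, description: str, url: str, thumbnail: str) -> dict:
    """The activity subject: a concrete schema.org sub-type of Thing with a URL
    to the HTML page carrying its markup."""
    if item_type == "Thing" or not item_type[:1].isupper():
        raise ValueError("itemtype must be a concrete schema.org sub-type of Thing")
    if not url.startswith(("https://", "http://")):
        raise ValueError("item needs an absolute URL to its markup page")
    return {"type": SCHEMA_ORG + item_type, "name": name,
            "description": description, "url": url, "image": thumbnail}


def build_moment(activity_type: str, item: dict, **extras) -> dict:
    """Request body for inserting a moment: rejects unknown activity types and
    missing type-specific attributes before anything leaves the application."""
    if activity_type not in ACTIVITY_TYPES:
        raise ValueError(f"unknown activity type {activity_type!r}")
    missing = [k for k in REQUIRED_EXTRAS.get(activity_type, ()) if k not in extras]
    if missing:
        raise ValueError(f"{activity_type} requires {missing}")
    moment = {"type": ACTIVITY_PREFIX + activity_type, "target": item}
    if extras:
        moment["details"] = dict(extras)  # hypothetical key for the type-specific attributes
    return moment


def render_microdata(item: dict) -> str:
    """schema.org microdata for the item page. Every value is escaped so a
    user-chosen title such as a book name cannot inject markup into the page."""
    lines = [f'<div itemscope itemtype="{html.escape(item["type"], quote=True)}">']
    for prop in ("name", "description", "url", "image"):
        lines.append(f'  <meta itemprop="{prop}" content="{html.escape(item[prop], quote=True)}">')
    lines.append("</div>")
    return "\n".join(lines)
```

Because the item page is public and is crawled by both Google+ and search engines, the escaping in `render_microdata` matters: the name and description usually originate from users of the application, so they are treated as untrusted text rather than spliced into the markup verbatim.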

This brief review only scratches the surface of the new Google+ features launched with Sign-In, but provides an interesting example of new authentication and authorization standards as well as the extension of semantic markup into social activity streams.